Project

General

Profile

Bug #819

spawn-fcgi processes ignore user's other groups

Added by Anonymous about 13 years ago. Updated over 10 years ago.

Status:
Fixed
Priority:
Normal
Assignee:
-
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:

Description

I have observed the following behaviour with spawn-fcgi...
http://lists.edgewall.com/archive/trac/2006-August/009484.html

It seems that spawn-fcgi processes are restricted to the user's default group (or the group specified with -g or both - not sure) but in any case, the user's other groups are totally ignored. In the above example, the trac user is a member or the subversion group but a permissiod denied error is received when trying to access the Subversion repository, despite the correct permissions being set.

I have a feeling this might be related to bug #78. By the look of the changeset, the change was only applied to server.c and not spawn-fcgi.c as well.

-- chewi

History

#1

Updated by Anonymous about 13 years ago

Ah I see that change was added later. Something's still not right then.

#2

Updated by Anonymous over 12 years ago

I've been experiencing the same thing. From looking at the code, I'd say it should work. But it doesn't for me.

-- Matthijs Kooijman <m.kooijman

#3

Updated by stbuehler almost 11 years ago

  • Status changed from New to Fixed
  • Resolution set to wontfix

If you specify user and group it should work (initgroups need username and group id).

#4

Updated by Anonymous almost 11 years ago

So are you saying that it is correct that only the exact user and group you specify (and not any other groups that user may be in) should apply? That doesn't seem right to me. I have since found that you can work around the problem by starting spawn-fcgi via sudo instead since that does respect the user's other groups.

#5

Updated by stbuehler almost 11 years ago

  • Status changed from Fixed to Wontfix
#6

Updated by stbuehler over 10 years ago

  • Project changed from Lighttpd to spawn-fcgi
  • Category deleted (mod_fastcgi)
#7

Updated by stbuehler over 10 years ago

  • Target version set to 1.6.0
#8

Updated by stbuehler over 10 years ago

  • Status changed from Wontfix to Fixed

Fixed in r13 (uses default user group as group; if you choose a different group, the spawned process will probably not have its default group in the group list).

Also available in: Atom